Method and system for installing an application in a security element
First Claim
1. A method for installing an application in a security element of a portable end device, the security element comprising its own hardware-based secure runtime environment and a secure memory that are separate from the portable end device, the method comprising the steps of:
- receiving an installation job at a first installation device for installing the application on the security element, the installation job being provided to the first installation device from the security element, wherein the security element receives the application from an application server that is separate from the first installation device;
- checking at the first the received installation job to determine whether the received installation job can be executed by the first installation device without interaction with a second installation device;
- wherein upon determining that the received installation job can be executed by the first installation device, processing the installation job by the first installation device;
- wherein the first installation device receives the installation job from the security element or from a second security element different from the security element, and
- wherein upon determining that the received installation job cannot be executed by the first installation device without interaction with the second installation device, the first installation device interacts with the second installation device by relaying the installation job to the second installation device such that the application is installed on the security element by the second installation device to which the installation job was relayed, or by the first installation device requesting an installation authorization for carrying out the installation job from the second installation device,
- wherein the security element comprises a determination table which states when the first installation device can execute the installation job, and which states when the first installation device can interact with the second installation device to execute the installation job;
- wherein the security element uses the determination table to determine which of the first and second installation devices are to be involved in the execution of the installation job;
- wherein the first installation device can access the determination table of the security element in order to determine that the second installation device is suitable for interaction with the first installation device to execute the installation job; and
- wherein the first installation device and the second installation device are trusted service manager devices and the second installation device is separate from the first installation device.
Abstract
A method for installing an application in a security element of a portable end device comprises the following steps: the installation device receives an installation job for installing a pre-specified application on a pre-specified security element. The job is processed by the installation device which receives the installation job from the pre-specified security element itself or from a further security element different from the pre-specified security element.
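The routing decision recited in the first claim (execute alone, relay to a second trusted service manager, or request its authorization) can be modelled as a table lookup. The sketch below is an added example, not taken from the patent. The table layout, its key (a target security domain), the TSM names and the fail-closed `REJECT` outcome are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class Action(Enum):
    EXECUTE = "execute"            # first TSM installs without help
    RELAY = "relay"                # job is relayed; second TSM installs
    REQUEST_AUTH = "request_auth"  # first TSM installs after authorization
    REJECT = "reject"              # assumption: fail closed (not in the claims)

@dataclass
class Row:
    direct: frozenset = frozenset()          # TSMs that may execute alone
    via: dict = field(default_factory=dict)  # first TSM -> (second TSM, Action)

# Constructed determination table, keyed by a hypothetical security domain.
TABLE = {
    "sd-transit": Row(direct=frozenset({"tsm-a"})),
    "sd-payment": Row(direct=frozenset({"tsm-b"}),
                      via={"tsm-a": ("tsm-b", Action.RELAY)}),
    "sd-identity": Row(via={"tsm-a": ("tsm-b", Action.REQUEST_AUTH)}),
    "sd-broken": Row(via={"tsm-a": ("tsm-a", Action.RELAY)}),
}

def route(domain, first_tsm, table=TABLE):
    """Return (action, installing TSM, second TSM or None) for a job."""
    row = table.get(domain)
    if row is None:
        return Action.REJECT, None, None
    if first_tsm in row.direct:
        return Action.EXECUTE, first_tsm, None
    second, mode = row.via.get(first_tsm, (None, Action.REJECT))
    # The claims require the second device to be separate from the first.
    if second is None or second == first_tsm:
        return Action.REJECT, None, None
    if mode is Action.RELAY:
        return Action.RELAY, second, second
    if mode is Action.REQUEST_AUTH:
        return Action.REQUEST_AUTH, first_tsm, second
    return Action.REJECT, None, None

def process(domain, first_tsm, authorize, table=TABLE):
    """Run one job; authorize(second, domain) models the second TSM's answer."""
    action, installer, second = route(domain, first_tsm, table)
    if action is Action.REQUEST_AUTH and not authorize(second, domain):
        return None   # authorization refused: nothing is installed
    return installer  # None when the job was rejected
```

Unknown domains, TSMs with no row entry, and a row that names the first TSM as its own partner all resolve to `REJECT`, so a malformed table cannot widen who may install.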
5 Claims
3. An installation device for installing an application on a security element of a portable end device, comprising:
- one or more processors; and
- one or more computer-readable media having thereon computer-executable instructions that are structured such that, when executed by the one or more processors, cause the installation device to:
- accept an installation job for installing a pre-specified application on a pre-specified security element;
- initiate an installation of the pre-specified application on the pre-specified security element upon checking the installation job to determine whether the installation job can be executed by the installation device without interaction with a second installation device that is different from the installation device, the installation job being provided to the installation device from the pre-specified security element, wherein the pre-specified security element receives the pre-specified application from an application server that is separate from the installation device, and
- process the installation job upon determining that the installation job can be executed by the installation device, and
- interact with the second installation device, upon determining that the installation job cannot be executed by the installation device without interaction with the second installation device, by relaying the installation job to the second installation device such that the pre-specified application is installed on the pre-specified security element by the second installation device to which the installation job was relayed or by the installation device requesting an installation authorization for carrying out the installation job from the second installation device,
- wherein the pre-specified element comprises a determination table which states when the installation device can execute the installation job, and which states when the installation device can interact with the second installation device to execute the installation job,
- wherein the pre-specified security element uses the determination table to determine which of the installation device and the second installation device are to be involved in the execution of the installation job;
- wherein the installation device can access the determination table of the pre-specified security element in order to determine that the second installation device is suitable for interaction with the first installation device to execute the installation job; and
- wherein the installation device and the second installation device are trusted service manager devices and the second installation device is separate from the installation device.
5. A system for installing an application in a security element of a portable end device, the system comprising:
- a first installation device;
- a second installation device;
- a portable end device including a security element;
- the security element configured to: receive an application from an application server that is different from the first and second installation devices; and provide an installation job for installing the application to the first installation device, the security element comprising a determination table which states when the first installation device can execute the installation job, and which states when the first installation device can interact with the second installation device to execute the installation job, wherein the security element uses the determination table to determine which of the first and second installation devices are to be involved in the execution of the installation job;
- the first installation device configured to: receive the installation job from the security element; check the installation job to determine whether the installation job can be executed by the first installation device without interaction with the second installation device, wherein the first installation device can access the determination table of the security element in order to determine that the second installation device is suitable for interaction with the first installation device to execute the installation job; upon determining that the received installation job can be executed by the first installation device, process the installation job; and upon determining that the installation job cannot be executed by the first installation device without interaction with the second installation device, interacting with the second installation device by relaying the installation job to the second installation device;
- the second installation device configured to, when the relayed installation job is received from the first installation device: process the installation job; or provide an authorization to the first authorization device for processing the installation job; and
- wherein the first installation device and the second installation device are trusted service manager devices and the second installation device is separate from the first installation device.
Specification